<?php
	include 'commonAccountFunctions.php';
	
	session_start();
	
	$username=checkAuthentication();
	$oldpwd = $_REQUEST['oldPassword'];
	$newpwd = $_REQUEST['newPassword'];
	$repeatpwd = $_REQUEST['repeatPassword'];
	
	if(!userExists($username)){
		// not a valid user name
		header('Location: index.php');
	} else if($oldpwd){ // If there is an old password entry, then reset the password
		$auth=getPermissions($username);
		$email=getUserEmail($username);
		
		if(getPassword($username)===hash("sha256", $oldpwd)){
			if($newpwd===$repeatpwd){ // If the two passwords match...
				setAccount($username, $newpwd, $auth, $email);
				$subject="Lab-Check password change";
				$message="Your new password is $newpwd";
		
				mail($email, $subject, $message, 'From: nick.watkins@vikings.berry.edu');
			}
		}
	}
	header('Location: index.php');
?>